VIR Vulnerability Intelligence Relay

Package impact

php Packagist / facturascripts/facturascripts

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2026-27892 medium 6.5 6.5 21d ago FacturaScripts Vulnerable to Unstripped Image Metadata (EXIF) Leakage via Library Module File Upload/Download php
CVE-2026-42879 medium 6.3 6.3 21d ago FacturaScripts Vulnerable to Authenticated Remote Code Execution (RCE) via GIF Image Upload in Product Images php
CVE-2026-32699 medium 5.5 1mo ago FacturaScripts has Insecure Parameter Handling: Unauthorized Modification of Immutable 'nick' Field php
CVE-2026-42877 medium 5.4 5.4 21d ago FacturaScripts is an open source accounting and invoicing software. In 2025.92 and earlier, a stored Cross-Site Scripting (XSS) vulnerability exists in the product search modal of sales (Core/Lib/Aja… php
CVE-2026-42878 medium 5.3 5.3 21d ago FacturaScripts is an open source accounting and invoicing software. Prior to v2026, an unauthenticated information disclosure vulnerability in the Installer controller allows any remote attacker to t… php